| Nowadays, computer system's security is becoming more and more significant in people's daily lives. As a result, people pay more attention to computer viruses because of their threaten to the computer system. Especially, virus's polymorphism technology is almost pervasive in every comer of the PE file virus technology. By analyzing some typical virus samples, this dissertation mainly deals with the analysis on the polymorphic virus technology and antivirus strategy design. As a main difference between today's computer virus and the ones of ten more years ago, polymorphism is becoming not only more and more popular and serious but also more and more advanced. The polymorphic viruses are changing their codes every minute. As a result, new virus can be discovered every day in our life. The purpose of this dissertation is to tackle this problem by designing a strategy and developing a scanner to detect the polymorphic virus.In the first place, this dissertation takes an overall look on the polymorphic virus technology and gives a complete concept of polymorphic virus which bases on the evolution of code. In the second place, this dissertation analyzes Win98.BlackBat computer virus that is a most typical polymorphic virus, especially the self-protection mechanism of the virus, and tries to make an access to the gate of tackling the problem of polymorphic virus. In the third place, even though the polymorphic viruses are extremely hard to detect, this dissertation tries best to find a way to deal with them. By concluding ten rules of virus detect based on the analysis of virus and PE files' information, this dissertation designs a strategy of virus detect. In the fourth place, this dissertation develops an arithmetic combined by overall correct and part correct which can amend the virus detect engine. Most important, every rule has its own unique revised system that can help the scanner to be more and more accurate. The last but not the least, basedon the above strategy and arithmetic, this dissertation develops a virus detection scanner that is usable and effective.In this dissertation, it tackles the following problems. Firstly, analyze the virus' self-protect ion mechanism and its methods. Secondly, make a strategy of virus detect based on ten detect rules which calls heuristic analysis. Thirdly, tackle the security problem when detecting the virus. Fourthly, develop a arithmetic of correcting the detect scanner engine. |
PDF Full Text Request